diff --git a/go.mod b/go.mod index 28f733d..1f22f20 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.7 github.com/hexops/gotextdiff v1.0.3 github.com/kong/deck v1.34.0 - github.com/kong/go-kong v0.59.0 + github.com/kong/go-kong v0.60.0 github.com/samber/lo v1.47.0 github.com/shirou/gopsutil/v3 v3.24.5 github.com/ssgelm/cookiejarparser v1.0.1 @@ -29,7 +29,7 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/sync v0.8.0 golang.org/x/term v0.24.0 - k8s.io/code-generator v0.31.0 + k8s.io/code-generator v0.31.2 sigs.k8s.io/yaml v1.4.0 ) @@ -105,7 +105,7 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.18.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/tidwall/gjson v1.17.3 // indirect + github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect diff --git a/go.sum b/go.sum index 0b09efd..d511942 100644 --- a/go.sum +++ b/go.sum @@ -177,8 +177,8 @@ github.com/kong/deck v1.34.0 h1:iKSa5Cq8t7bdCv5R3XRV8UH+7FvnZB/YxhRTuih4rgg= github.com/kong/deck v1.34.0/go.mod h1:IUAixgNa1YSvEphgX9OIHmDyyi1JRaGTB0bYieuD9qo= github.com/kong/go-apiops v0.1.29 h1:c+AB8MmGIr+K01Afm4GB2xaOmJnD/8KWMJQkr9qssnc= github.com/kong/go-apiops v0.1.29/go.mod h1:ZNdiTZyVrAssB4wjEYWV7BfpcV9UME9LxnDDZhMPuNU= -github.com/kong/go-kong v0.59.0 h1:U6dE2sqb8E8j0kESW/RCW9TkXH8Y3W0EtNDXJVsDNuM= -github.com/kong/go-kong v0.59.0/go.mod h1:8Vt6HmtgLNgL/7bSwAlz3DIWqBtzG7qEt9+OnMiQOa0= +github.com/kong/go-kong v0.60.0 h1:CVrLXRLVE+Gl4IZ3tdvpO7xNDz3c9YLTmra/HvT4oM8= +github.com/kong/go-kong v0.60.0/go.mod h1:t1eMY8GRS6778uQNzxgzRgnA3YKBXSZOEvYbNocH/aA= github.com/kong/go-slugify v1.0.0 h1:vCFAyf2sdoSlBtLcrmDWUFn0ohlpKiKvQfXZkO5vSKY= github.com/kong/go-slugify v1.0.0/go.mod h1:dbR2h3J2QKXQ1k0aww6cN7o4cIcwlWflr6RKRdcoaiw= github.com/kong/semver/v4 v4.0.1 h1:DIcNR8W3gfx0KabFBADPalxxsp+q/5COwIFkkhrFQ2Y= @@ -316,8 +316,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= -github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= @@ -472,8 +472,8 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8= -k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= +k8s.io/code-generator v0.31.2 h1:xLWxG0HEpMSHfcM//3u3Ro2Hmc6AyyLINQS//Z2GEOI= +k8s.io/code-generator v0.31.2/go.mod h1:eEQHXgBU/m7LDaToDoiz3t97dUUVyOblQdwOr8rivqc= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go index 56ca0bb..a3e4722 100644 --- a/pkg/diff/diff.go +++ b/pkg/diff/diff.go @@ -612,8 +612,7 @@ func (sc *Syncer) Solve(ctx context.Context, parallelism int, dry bool, isJSONOu pluginCopy := &state.Plugin{Plugin: *plugin.DeepCopy()} e.Obj = pluginCopy - exists, err := utils.WorkspaceExists(ctx, sc.kongClient) - if err == nil && exists { + if exists, _ := utils.WorkspaceExists(ctx, sc.kongClient); exists { var schema map[string]interface{} schema, err = sc.kongClient.Plugins.GetFullSchema(ctx, pluginCopy.Plugin.Name) if err != nil { @@ -621,8 +620,7 @@ func (sc *Syncer) Solve(ctx context.Context, parallelism int, dry bool, isJSONOu } // fill defaults and auto fields for the configuration that will be used for the diff - newPlugin := &pluginCopy.Plugin - if err := kong.FillPluginsDefaults(newPlugin, schema); err != nil { + if err := kong.FillPluginsDefaults(&pluginCopy.Plugin, schema); err != nil { return nil, fmt.Errorf("failed processing auto fields: %w", err) } @@ -635,6 +633,17 @@ func (sc *Syncer) Solve(ctx context.Context, parallelism int, dry bool, isJSONOu }); err != nil { return nil, fmt.Errorf("failed processing auto fields: %w", err) } + + // `oldPlugin` contains both new and deprecated fields. + // If `plugin` (the new plugin) contains only deprecated fields, + // we need to remove the new fields from `oldPlugin` to ensure both configurations align correctly. + if oldPlugin, ok := e.OldObj.(*state.Plugin); ok { + oldPluginCopy := &state.Plugin{Plugin: *oldPlugin.DeepCopy()} + e.OldObj = oldPluginCopy + if err := kong.ClearUnmatchingDeprecations(&pluginCopy.Plugin, &oldPluginCopy.Plugin, schema); err != nil { + return nil, fmt.Errorf("failed processing auto fields: %w", err) + } + } } } diff --git a/pkg/types/plugin.go b/pkg/types/plugin.go index b416438..b1262ce 100644 --- a/pkg/types/plugin.go +++ b/pkg/types/plugin.go @@ -186,6 +186,10 @@ func (d *pluginDiffer) createUpdatePlugin(plugin *state.Plugin) (*crud.Event, er return nil, fmt.Errorf("failed processing auto fields: %w", err) } + if err := kong.ClearUnmatchingDeprecations(&pluginWithDefaults.Plugin, ¤tPlugin.Plugin, schema); err != nil { + return nil, fmt.Errorf("failed clearing unmatching deprecations fields: %w", err) + } + if !currentPlugin.EqualWithOpts(pluginWithDefaults, false, true, false) { return &crud.Event{ Op: crud.Update, diff --git a/tests/integration/diff_test.go b/tests/integration/diff_test.go index e033c00..89cc1be 100644 --- a/tests/integration/diff_test.go +++ b/tests/integration/diff_test.go @@ -454,6 +454,982 @@ Summary: "errors": [] } +` + expectedOutputPluginUpdateNoChange = `Summary: + Created: 0 + Updated: 0 + Deleted: 0 +` + + expectedOutputPluginUpdateChangedNewFields = `updating plugin openid-connect (global) { + "config": { + "anonymous": null, + "audience": null, + "audience_claim": [ + "aud" + ], + "audience_required": null, + "auth_methods": [ + "password", + "client_credentials", + "authorization_code", + "bearer", + "introspection", + "userinfo", + "kong_oauth2", + "refresh_token", + "session" + ], + "authenticated_groups_claim": null, + "authorization_cookie_domain": null, + "authorization_cookie_http_only": true, + "authorization_cookie_name": "authorization", + "authorization_cookie_path": "/", + "authorization_cookie_same_site": "Default", + "authorization_cookie_secure": null, + "authorization_endpoint": null, + "authorization_query_args_client": null, + "authorization_query_args_names": null, + "authorization_query_args_values": null, + "authorization_rolling_timeout": 600, + "bearer_token_cookie_name": null, + "bearer_token_param_type": [ + "header", + "query", + "body" + ], + "by_username_ignore_case": false, + "cache_introspection": true, + "cache_token_exchange": true, + "cache_tokens": true, + "cache_tokens_salt": null, + "cache_ttl": 3600, + "cache_ttl_max": null, + "cache_ttl_min": null, + "cache_ttl_neg": null, + "cache_ttl_resurrect": null, + "cache_user_info": true, + "claims_forbidden": null, + "client_alg": null, + "client_arg": "client_id", + "client_auth": null, + "client_credentials_param_type": [ + "header", + "query", + "body" + ], + "client_id": null, + "client_jwk": null, + "client_secret": null, + "cluster_cache_redis": { + "cluster_max_redirections": 5, + "cluster_nodes": null, + "connect_timeout": 2000, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.1", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6379, + "read_timeout": 2000, + "send_timeout": 2000, + "sentinel_master": null, + "sentinel_nodes": null, + "sentinel_password": null, + "sentinel_role": null, + "sentinel_username": null, + "server_name": null, + "ssl": false, + "ssl_verify": false, + "username": null + }, + "cluster_cache_strategy": "[masked]", + "consumer_by": [ + "username", + "custom_id" + ], + "consumer_claim": null, + "consumer_optional": false, + "credential_claim": [ + "sub" + ], + "disable_session": null, + "discovery_headers_names": null, + "discovery_headers_values": null, + "display_errors": false, + "domains": null, + "downstream_access_token_header": null, + "downstream_access_token_jwk_header": null, + "downstream_headers_claims": null, + "downstream_headers_names": null, + "downstream_id_token_header": null, + "downstream_id_token_jwk_header": null, + "downstream_introspection_header": null, + "downstream_introspection_jwt_header": null, + "downstream_refresh_token_header": null, + "downstream_session_id_header": null, + "downstream_user_info_header": null, + "downstream_user_info_jwt_header": null, + "dpop_proof_lifetime": 300, + "dpop_use_nonce": false, + "enable_hs_signatures": false, + "end_session_endpoint": null, + "expose_error_code": true, + "extra_jwks_uris": null, + "forbidden_destroy_session": true, + "forbidden_error_message": "Forbidden", + "forbidden_redirect_uri": null, + "groups_claim": [ + "groups" + ], + "groups_required": null, + "hide_credentials": false, + "http_proxy": null, + "http_proxy_authorization": null, + "http_version": 1.1, + "https_proxy": null, + "https_proxy_authorization": null, + "id_token_param_name": null, + "id_token_param_type": [ + "header", + "query", + "body" + ], + "ignore_signature": [ + ], + "introspect_jwt_tokens": false, + "introspection_accept": "application/json", + "introspection_check_active": true, + "introspection_endpoint": null, + "introspection_endpoint_auth_method": null, + "introspection_headers_client": null, + "introspection_headers_names": null, + "introspection_headers_values": null, + "introspection_hint": "access_token", + "introspection_post_args_client": null, + "introspection_post_args_names": null, + "introspection_post_args_values": null, + "introspection_token_param_name": "token", + "issuer": "https://accounts.google.test/.well-known/openid-configuration", + "issuers_allowed": null, + "jwt_session_claim": "sid", + "jwt_session_cookie": null, + "keepalive": true, + "leeway": 0, + "login_action": "upstream", + "login_methods": [ + "authorization_code" + ], + "login_redirect_mode": "fragment", + "login_redirect_uri": null, + "login_tokens": [ + "id_token" + ], + "logout_methods": [ + "POST", + "DELETE" + ], + "logout_post_arg": null, + "logout_query_arg": null, + "logout_redirect_uri": null, + "logout_revoke": false, + "logout_revoke_access_token": true, + "logout_revoke_refresh_token": true, + "logout_uri_suffix": null, + "max_age": null, + "mtls_introspection_endpoint": null, + "mtls_revocation_endpoint": null, + "mtls_token_endpoint": null, + "no_proxy": null, + "password_param_type": [ + "header", + "query", + "body" + ], + "preserve_query_args": false, + "proof_of_possession_auth_methods_validation": true, + "proof_of_possession_dpop": "[masked]", + "proof_of_possession_mtls": "[masked]", + "pushed_authorization_request_endpoint": null, + "pushed_authorization_request_endpoint_auth_method": null, + "redirect_uri": null, + "redis": { +- "cluster_max_redirections": null, ++ "cluster_max_redirections": 11, +- "cluster_nodes": null, ++ "cluster_nodes": [ ++ { ++ "ip": "127.0.1.0", ++ "port": 7379 ++ }, ++ { ++ "ip": "127.0.1.0", ++ "port": 7380 ++ }, ++ { ++ "ip": "127.0.1.0", ++ "port": 7381 ++ } ++ ], + "connect_timeout": 2000, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.1", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6379, + "prefix": null, + "read_timeout": 2000, + "send_timeout": 2000, + "sentinel_master": null, + "sentinel_nodes": null, + "sentinel_password": null, + "sentinel_role": null, + "sentinel_username": null, + "server_name": null, + "socket": null, + "ssl": false, + "ssl_verify": false, + "username": null + }, + "rediscovery_lifetime": 30, + "refresh_token_param_name": null, + "refresh_token_param_type": [ + "header", + "query", + "body" + ], + "refresh_tokens": true, + "require_proof_key_for_code_exchange": null, + "require_pushed_authorization_requests": null, + "require_signed_request_object": null, + "resolve_distributed_claims": false, + "response_mode": "query", + "response_type": [ + "code" + ], + "reverify": false, + "revocation_endpoint": null, + "revocation_endpoint_auth_method": null, + "revocation_token_param_name": "token", + "roles_claim": [ + "roles" + ], + "roles_required": null, + "run_on_preflight": true, + "scopes": [ + "openid" + ], + "scopes_claim": [ + "scope" + ], + "scopes_required": null, + "search_user_info": false, + "session_absolute_timeout": 86400, + "session_audience": "default", + "session_cookie_domain": null, + "session_cookie_http_only": true, + "session_cookie_name": "session", + "session_cookie_path": "/", + "session_cookie_same_site": "Lax", + "session_cookie_secure": null, + "session_enforce_same_subject": false, + "session_hash_storage_key": false, + "session_hash_subject": false, + "session_idling_timeout": 900, + "session_memcached_host": "127.0.0.1", + "session_memcached_port": 11211, + "session_memcached_prefix": null, + "session_memcached_socket": null, + "session_remember": false, + "session_remember_absolute_timeout": 2.592e+06, + "session_remember_cookie_name": "remember", + "session_remember_rolling_timeout": 604800, + "session_request_headers": null, + "session_response_headers": null, + "session_rolling_timeout": 3600, + "session_secret": null, + "session_storage": "cookie", + "session_store_metadata": false, + "ssl_verify": false, + "timeout": 10000, + "tls_client_auth_cert_id": null, + "tls_client_auth_ssl_verify": true, + "token_cache_key_include_scope": false, + "token_endpoint": null, + "token_endpoint_auth_method": null, + "token_exchange_endpoint": null, + "token_headers_client": null, + "token_headers_grants": null, + "token_headers_names": null, + "token_headers_prefix": null, + "token_headers_replay": null, + "token_headers_values": null, + "token_post_args_client": null, + "token_post_args_names": null, + "token_post_args_values": null, + "unauthorized_destroy_session": true, + "unauthorized_error_message": "Unauthorized", + "unauthorized_redirect_uri": null, + "unexpected_redirect_uri": null, + "upstream_access_token_header": "authorization:bearer", + "upstream_access_token_jwk_header": null, + "upstream_headers_claims": null, + "upstream_headers_names": null, + "upstream_id_token_header": null, + "upstream_id_token_jwk_header": null, + "upstream_introspection_header": null, + "upstream_introspection_jwt_header": null, + "upstream_refresh_token_header": null, + "upstream_session_id_header": null, + "upstream_user_info_header": null, + "upstream_user_info_jwt_header": null, + "userinfo_accept": "application/json", + "userinfo_endpoint": null, + "userinfo_headers_client": null, + "userinfo_headers_names": null, + "userinfo_headers_values": null, + "userinfo_query_args_client": null, + "userinfo_query_args_names": null, + "userinfo_query_args_values": null, + "using_pseudo_issuer": false, + "verify_claims": true, + "verify_nonce": true, + "verify_parameters": false, + "verify_signature": true + }, + "enabled": true, + "id": "777496e1-8b35-4512-ad30-51f9fe5d3147", + "name": "openid-connect", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +updating plugin rate-limiting-advanced (global) { + "config": { + "consumer_groups": null, + "dictionary_name": "kong_rate_limiting_counters", + "disable_penalty": false, + "enforce_consumer_groups": false, + "error_code": 429, + "error_message": "API rate limit exceeded", + "header_name": null, + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 10 + ], + "namespace": "ZEz47TWgUrv01HenyQBQa8io06MWsp0L", + "path": null, + "redis": { + "cluster_max_redirections": 5, + "cluster_nodes": [ + { + "ip": "127.0.1.0", +- "port": 6379 ++ "port": 7379 + }, + { + "ip": "127.0.1.0", +- "port": 6380 ++ "port": 7380 + }, + { + "ip": "127.0.1.0", +- "port": 6381 ++ "port": 7381 + } + ], +- "connect_timeout": 2000, ++ "connect_timeout": 2005, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.5", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6380, +- "read_timeout": 2000, ++ "read_timeout": 2006, +- "send_timeout": 2000, ++ "send_timeout": 2007, + "sentinel_master": "mymaster", + "sentinel_nodes": [ + { + "host": "127.0.2.0", +- "port": 6379 ++ "port": 8379 + }, + { + "host": "127.0.2.0", +- "port": 6380 ++ "port": 8380 + }, + { + "host": "127.0.2.0", +- "port": 6381 ++ "port": 8381 + } + ], + "sentinel_password": null, + "sentinel_role": "master", + "sentinel_username": null, + "server_name": null, + "ssl": false, + "ssl_verify": false, + "username": null + }, + "retry_after_jitter_max": 0, + "strategy": "redis", + "sync_rate": 10, + "window_size": [ + 60 + ], + "window_type": "sliding" + }, + "enabled": true, + "id": "a1368a28-cb5c-4eee-86d8-03a6bdf94b5e", + "name": "rate-limiting-advanced", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +Summary: + Created: 0 + Updated: 2 + Deleted: 0 +` + expectedOutputPluginUpdateChangedOldFields = `updating plugin openid-connect (global) { + "config": { + "anonymous": null, + "audience": null, + "audience_claim": [ + "aud" + ], + "audience_required": null, + "auth_methods": [ + "password", + "client_credentials", + "authorization_code", + "bearer", + "introspection", + "userinfo", + "kong_oauth2", + "refresh_token", + "session" + ], + "authenticated_groups_claim": null, + "authorization_cookie_domain": null, + "authorization_cookie_http_only": true, + "authorization_cookie_name": "authorization", + "authorization_cookie_path": "/", + "authorization_cookie_same_site": "Default", + "authorization_cookie_secure": null, + "authorization_endpoint": null, + "authorization_query_args_client": null, + "authorization_query_args_names": null, + "authorization_query_args_values": null, + "authorization_rolling_timeout": 600, + "bearer_token_cookie_name": null, + "bearer_token_param_type": [ + "header", + "query", + "body" + ], + "by_username_ignore_case": false, + "cache_introspection": true, + "cache_token_exchange": true, + "cache_tokens": true, + "cache_tokens_salt": null, + "cache_ttl": 3600, + "cache_ttl_max": null, + "cache_ttl_min": null, + "cache_ttl_neg": null, + "cache_ttl_resurrect": null, + "cache_user_info": true, + "claims_forbidden": null, + "client_alg": null, + "client_arg": "client_id", + "client_auth": null, + "client_credentials_param_type": [ + "header", + "query", + "body" + ], + "client_id": null, + "client_jwk": null, + "client_secret": null, + "cluster_cache_redis": { + "cluster_max_redirections": 5, + "cluster_nodes": null, + "connect_timeout": 2000, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.1", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6379, + "read_timeout": 2000, + "send_timeout": 2000, + "sentinel_master": null, + "sentinel_nodes": null, + "sentinel_password": null, + "sentinel_role": null, + "sentinel_username": null, + "server_name": null, + "ssl": false, + "ssl_verify": false, + "username": null + }, + "cluster_cache_strategy": "[masked]", + "consumer_by": [ + "username", + "custom_id" + ], + "consumer_claim": null, + "consumer_optional": false, + "credential_claim": [ + "sub" + ], + "disable_session": null, + "discovery_headers_names": null, + "discovery_headers_values": null, + "display_errors": false, + "domains": null, + "downstream_access_token_header": null, + "downstream_access_token_jwk_header": null, + "downstream_headers_claims": null, + "downstream_headers_names": null, + "downstream_id_token_header": null, + "downstream_id_token_jwk_header": null, + "downstream_introspection_header": null, + "downstream_introspection_jwt_header": null, + "downstream_refresh_token_header": null, + "downstream_session_id_header": null, + "downstream_user_info_header": null, + "downstream_user_info_jwt_header": null, + "dpop_proof_lifetime": 300, + "dpop_use_nonce": false, + "enable_hs_signatures": false, + "end_session_endpoint": null, + "expose_error_code": true, + "extra_jwks_uris": null, + "forbidden_destroy_session": true, + "forbidden_error_message": "Forbidden", + "forbidden_redirect_uri": null, + "groups_claim": [ + "groups" + ], + "groups_required": null, + "hide_credentials": false, + "http_proxy": null, + "http_proxy_authorization": null, + "http_version": 1.1, + "https_proxy": null, + "https_proxy_authorization": null, + "id_token_param_name": null, + "id_token_param_type": [ + "header", + "query", + "body" + ], + "ignore_signature": [ + ], + "introspect_jwt_tokens": false, + "introspection_accept": "application/json", + "introspection_check_active": true, + "introspection_endpoint": null, + "introspection_endpoint_auth_method": null, + "introspection_headers_client": null, + "introspection_headers_names": null, + "introspection_headers_values": null, + "introspection_hint": "access_token", + "introspection_post_args_client": null, + "introspection_post_args_names": null, + "introspection_post_args_values": null, + "introspection_token_param_name": "token", + "issuer": "https://accounts.google.test/.well-known/openid-configuration", + "issuers_allowed": null, + "jwt_session_claim": "sid", + "jwt_session_cookie": null, + "keepalive": true, + "leeway": 0, + "login_action": "upstream", + "login_methods": [ + "authorization_code" + ], + "login_redirect_mode": "fragment", + "login_redirect_uri": null, + "login_tokens": [ + "id_token" + ], + "logout_methods": [ + "POST", + "DELETE" + ], + "logout_post_arg": null, + "logout_query_arg": null, + "logout_redirect_uri": null, + "logout_revoke": false, + "logout_revoke_access_token": true, + "logout_revoke_refresh_token": true, + "logout_uri_suffix": null, + "max_age": null, + "mtls_introspection_endpoint": null, + "mtls_revocation_endpoint": null, + "mtls_token_endpoint": null, + "no_proxy": null, + "password_param_type": [ + "header", + "query", + "body" + ], + "preserve_query_args": false, + "proof_of_possession_auth_methods_validation": true, + "proof_of_possession_dpop": "[masked]", + "proof_of_possession_mtls": "[masked]", + "pushed_authorization_request_endpoint": null, + "pushed_authorization_request_endpoint_auth_method": null, + "redirect_uri": null, + "redis": { + "connect_timeout": 2000, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.1", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6379, + "prefix": null, + "read_timeout": 2000, + "send_timeout": 2000, + "sentinel_master": null, + "sentinel_nodes": null, + "sentinel_password": null, + "sentinel_role": null, + "sentinel_username": null, + "server_name": null, + "socket": null, + "ssl": false, + "ssl_verify": false, + "username": null + }, + "rediscovery_lifetime": 30, + "refresh_token_param_name": null, + "refresh_token_param_type": [ + "header", + "query", + "body" + ], + "refresh_tokens": true, + "require_proof_key_for_code_exchange": null, + "require_pushed_authorization_requests": null, + "require_signed_request_object": null, + "resolve_distributed_claims": false, + "response_mode": "query", + "response_type": [ + "code" + ], + "reverify": false, + "revocation_endpoint": null, + "revocation_endpoint_auth_method": null, + "revocation_token_param_name": "token", + "roles_claim": [ + "roles" + ], + "roles_required": null, + "run_on_preflight": true, + "scopes": [ + "openid" + ], + "scopes_claim": [ + "scope" + ], + "scopes_required": null, + "search_user_info": false, + "session_absolute_timeout": 86400, + "session_audience": "default", + "session_cookie_domain": null, + "session_cookie_http_only": true, + "session_cookie_name": "session", + "session_cookie_path": "/", + "session_cookie_same_site": "Lax", + "session_cookie_secure": null, + "session_enforce_same_subject": false, + "session_hash_storage_key": false, + "session_hash_subject": false, + "session_idling_timeout": 900, + "session_memcached_host": "127.0.0.1", + "session_memcached_port": 11211, + "session_memcached_prefix": null, + "session_memcached_socket": null, +- "session_redis_cluster_max_redirections": null, ++ "session_redis_cluster_max_redirections": 7, +- "session_redis_cluster_nodes": null, ++ "session_redis_cluster_nodes": [ ++ { ++ "ip": "127.0.1.0", ++ "port": 6379 ++ }, ++ { ++ "ip": "127.0.1.0", ++ "port": 6380 ++ }, ++ { ++ "ip": "127.0.1.0", ++ "port": 6381 ++ } ++ ], + "session_remember": false, + "session_remember_absolute_timeout": 2.592e+06, + "session_remember_cookie_name": "remember", + "session_remember_rolling_timeout": 604800, + "session_request_headers": null, + "session_response_headers": null, + "session_rolling_timeout": 3600, + "session_secret": null, + "session_storage": "cookie", + "session_store_metadata": false, + "ssl_verify": false, + "timeout": 10000, + "tls_client_auth_cert_id": null, + "tls_client_auth_ssl_verify": true, + "token_cache_key_include_scope": false, + "token_endpoint": null, + "token_endpoint_auth_method": null, + "token_exchange_endpoint": null, + "token_headers_client": null, + "token_headers_grants": null, + "token_headers_names": null, + "token_headers_prefix": null, + "token_headers_replay": null, + "token_headers_values": null, + "token_post_args_client": null, + "token_post_args_names": null, + "token_post_args_values": null, + "unauthorized_destroy_session": true, + "unauthorized_error_message": "Unauthorized", + "unauthorized_redirect_uri": null, + "unexpected_redirect_uri": null, + "upstream_access_token_header": "authorization:bearer", + "upstream_access_token_jwk_header": null, + "upstream_headers_claims": null, + "upstream_headers_names": null, + "upstream_id_token_header": null, + "upstream_id_token_jwk_header": null, + "upstream_introspection_header": null, + "upstream_introspection_jwt_header": null, + "upstream_refresh_token_header": null, + "upstream_session_id_header": null, + "upstream_user_info_header": null, + "upstream_user_info_jwt_header": null, + "userinfo_accept": "application/json", + "userinfo_endpoint": null, + "userinfo_headers_client": null, + "userinfo_headers_names": null, + "userinfo_headers_values": null, + "userinfo_query_args_client": null, + "userinfo_query_args_names": null, + "userinfo_query_args_values": null, + "using_pseudo_issuer": false, + "verify_claims": true, + "verify_nonce": true, + "verify_parameters": false, + "verify_signature": true + }, + "enabled": true, + "id": "777496e1-8b35-4512-ad30-51f9fe5d3147", + "name": "openid-connect", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +updating plugin rate-limiting-advanced (global) { + "config": { + "consumer_groups": null, + "dictionary_name": "kong_rate_limiting_counters", + "disable_penalty": false, + "enforce_consumer_groups": false, + "error_code": 429, + "error_message": "API rate limit exceeded", + "header_name": null, + "hide_client_headers": false, + "identifier": "consumer", + "limit": [ + 10 + ], + "namespace": "ZEz47TWgUrv01HenyQBQa8io06MWsp0L", + "path": null, + "redis": { + "cluster_addresses": [ +- "127.0.1.0:6379", ++ "127.0.1.0:7379", +- "127.0.1.0:6380", ++ "127.0.1.0:7380", +- "127.0.1.0:6381" ++ "127.0.1.0:7381" + ], + "cluster_max_redirections": 5, + "connection_is_proxied": false, + "database": 0, + "host": "127.0.0.5", + "keepalive_backlog": null, + "keepalive_pool_size": 256, + "password": null, + "port": 6380, + "sentinel_addresses": [ +- "127.0.2.0:6379", ++ "127.0.2.0:8379", +- "127.0.2.0:6380", ++ "127.0.2.0:8380", +- "127.0.2.0:6381" ++ "127.0.2.0:8381" + ], + "sentinel_master": "mymaster", + "sentinel_password": null, + "sentinel_role": "master", + "sentinel_username": null, + "server_name": null, + "ssl": false, + "ssl_verify": false, +- "timeout": 2000, ++ "timeout": 2007, + "username": null + }, + "retry_after_jitter_max": 0, + "strategy": "redis", +- "sync_rate": 10, ++ "sync_rate": 11, + "window_size": [ + 60 + ], + "window_type": "sliding" + }, + "enabled": true, + "id": "a1368a28-cb5c-4eee-86d8-03a6bdf94b5e", + "name": "rate-limiting-advanced", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +Summary: + Created: 0 + Updated: 2 + Deleted: 0 +` + + expectedOutputPluginUpdateChangedNewFields36 = `updating plugin rate-limiting (global) { + "config": { + "day": null, + "error_code": 429, + "error_message": "API rate limit exceeded", + "fault_tolerant": true, + "header_name": null, + "hide_client_headers": false, + "hour": 10000, + "limit_by": "consumer", + "minute": null, + "month": null, + "path": null, + "policy": "redis", + "redis": { +- "database": 0, ++ "database": 3, +- "host": "localhost", ++ "host": "localhost-3", + "password": null, + "port": 6379, + "server_name": null, + "ssl": false, + "ssl_verify": false, + "timeout": 2000, + "username": null + }, + "second": null, + "sync_rate": -1, + "year": null + }, + "enabled": true, + "id": "2705d985-de4b-4ca8-87fd-2b361e30a3e7", + "name": "rate-limiting", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +Summary: + Created: 0 + Updated: 1 + Deleted: 0 +` + expectedOutputPluginUpdateChangedOldFields36 = `updating plugin rate-limiting (global) { + "config": { + "day": null, + "error_code": 429, + "error_message": "API rate limit exceeded", + "fault_tolerant": true, + "header_name": null, + "hide_client_headers": false, + "hour": 10000, + "limit_by": "consumer", + "minute": null, + "month": null, + "path": null, + "policy": "redis", + "redis": { + "password": null, + "port": 6379, + "server_name": null, + "ssl": false, + "ssl_verify": false, + "timeout": 2000, + "username": null + }, +- "redis_database": 0, ++ "redis_database": 2, +- "redis_host": "localhost", ++ "redis_host": "localhost-2", + "second": null, + "sync_rate": -1, + "year": null + }, + "enabled": true, + "id": "2705d985-de4b-4ca8-87fd-2b361e30a3e7", + "name": "rate-limiting", + "protocols": [ + "grpc", + "grpcs", + "http", + "https" + ] + } + +Summary: + Created: 0 + Updated: 1 + Deleted: 0 ` ) @@ -742,3 +1718,109 @@ func Test_Diff_Unmasked_NewerThan3x(t *testing.T) { }) } } + +func Test_Diff_PluginUpdate_NewerThan38x(t *testing.T) { + runWhenEnterpriseOrKonnect(t, ">=3.8.0") + setup(t) + + tests := []struct { + name string + initialStateFile string + stateFile string + expectedDiff string + }{ + { + name: "initial setup sent twice - no diff expected", + initialStateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + stateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only old fields with same values", + initialStateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + stateFile: "testdata/diff/004-plugin-update/kong-ee-no-change-old-fields.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only new fields with same values", + initialStateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + stateFile: "testdata/diff/004-plugin-update/kong-ee-no-change-new-fields.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only old fields with new values", + initialStateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + stateFile: "testdata/diff/004-plugin-update/kong-ee-changed-new-fields.yaml", + expectedDiff: expectedOutputPluginUpdateChangedNewFields, + }, + { + name: "initial vs updating by sending only new fields with new values", + initialStateFile: "testdata/diff/004-plugin-update/initial-ee.yaml", + stateFile: "testdata/diff/004-plugin-update/kong-ee-changed-old-fields.yaml", + expectedDiff: expectedOutputPluginUpdateChangedOldFields, + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + // initialize state + assert.NoError(t, sync(tc.initialStateFile)) + + out, err := diff(tc.stateFile) + assert.NoError(t, err) + assert.Equal(t, tc.expectedDiff, out) + }) + } +} + +func Test_Diff_PluginUpdate_OlderThan38x(t *testing.T) { + runWhen(t, "kong", ">=3.6.0 <3.8.0") + setup(t) + + tests := []struct { + name string + initialStateFile string + stateFile string + expectedDiff string + }{ + { + name: "initial setup sent twice - no diff expected", + initialStateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + stateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only old fields with same values", + initialStateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + stateFile: "testdata/diff/005-deprecated-fields/kong-no-change-old-fields.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only new fields with same values", + initialStateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + stateFile: "testdata/diff/005-deprecated-fields/kong-no-change-new-fields.yaml", + expectedDiff: expectedOutputPluginUpdateNoChange, + }, + { + name: "initial vs updating by sending only old fields with new values", + initialStateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + stateFile: "testdata/diff/005-deprecated-fields/kong-update-old-fields.yaml", + expectedDiff: expectedOutputPluginUpdateChangedOldFields36, + }, + { + name: "initial vs updating by sending only new fields with new values", + initialStateFile: "testdata/diff/005-deprecated-fields/kong-initial.yaml", + stateFile: "testdata/diff/005-deprecated-fields/kong-update-new-fields.yaml", + expectedDiff: expectedOutputPluginUpdateChangedNewFields36, + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + // initialize state + assert.NoError(t, sync(tc.initialStateFile)) + + out, err := diff(tc.stateFile) + assert.NoError(t, err) + assert.Equal(t, tc.expectedDiff, out) + }) + } +} diff --git a/tests/integration/sync_test.go b/tests/integration/sync_test.go index ad00e60..031faca 100644 --- a/tests/integration/sync_test.go +++ b/tests/integration/sync_test.go @@ -5753,3 +5753,305 @@ func Test_Sync_MoreThanOneConsumerGroupForOneConsumer_2_8(t *testing.T) { require.NoError(t, sync("testdata/sync/xxx-more-than-one-consumer-group-with-a-consumer/kong.yaml")) testKongState(t, client, false, expectedState, nil) } + +func Test_Sync_PluginDeprecatedFields36x(t *testing.T) { + runWhen(t, "kong", ">=3.6.0 <3.8.0") + + client, err := getTestClient() + require.NoError(t, err) + + ctx := context.Background() + mustResetKongState(ctx, t, client, deckDump.Config{}) + + rateLimitingConfigurationInitial := DefaultConfigFactory.RateLimitingConfiguration() + expectedInitialState := utils.KongRawState{ + Plugins: []*kong.Plugin{ + DefaultConfigFactory.Plugin( + "2705d985-de4b-4ca8-87fd-2b361e30a3e7", "rate-limiting", rateLimitingConfigurationInitial, + ), + }, + } + + rateLimitingConfigurationUpdatedOldFields := rateLimitingConfigurationInitial.DeepCopy() + rateLimitingConfigurationUpdatedOldFields["redis_host"] = string("localhost-2") + rateLimitingConfigurationUpdatedOldFields["redis_database"] = float64(2) + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["host"] = string("localhost-2") + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["database"] = float64(2) + + expectedStateAfterChangeUsingOldFields := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("2705d985-de4b-4ca8-87fd-2b361e30a3e7"), + Name: kong.String("rate-limiting"), + Enabled: kong.Bool(true), + Protocols: []*string{kong.String("grpc"), kong.String("grpcs"), kong.String("http"), kong.String("https")}, + Config: rateLimitingConfigurationUpdatedOldFields, + }, + }, + } + + rateLimitingConfigurationUpdatedNewFields := rateLimitingConfigurationInitial.DeepCopy() + rateLimitingConfigurationUpdatedNewFields["redis_host"] = string("localhost-3") + rateLimitingConfigurationUpdatedNewFields["redis_database"] = float64(3) + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["host"] = string("localhost-3") + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["database"] = float64(3) + + expectedStateAfterChangeUsingNewFields := utils.KongRawState{ + Plugins: []*kong.Plugin{ + { + ID: kong.String("2705d985-de4b-4ca8-87fd-2b361e30a3e7"), + Name: kong.String("rate-limiting"), + Enabled: kong.Bool(true), + Protocols: []*string{kong.String("grpc"), kong.String("grpcs"), kong.String("http"), kong.String("https")}, + Config: rateLimitingConfigurationUpdatedNewFields, + }, + }, + } + + tests := []struct { + name string + stateFile string + expectedState utils.KongRawState + }{ + { + name: "initial sync", + stateFile: "testdata/sync/035-deprecated-fields/kong-ce/kong-initial.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but not update - using only old (deprecated) fields", + stateFile: "testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-old-fields.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but not update - using only new (not deprecated) fields", + stateFile: "testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-new-fields.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but with update - using only old (deprecated) fields", + stateFile: "testdata/sync/035-deprecated-fields/kong-ce/kong-update-old-fields.yaml", + expectedState: expectedStateAfterChangeUsingOldFields, + }, + { + name: "syncing but with update - using only new (not deprecated) fields", + stateFile: "testdata/sync/035-deprecated-fields/kong-ce/kong-update-new-fields.yaml", + expectedState: expectedStateAfterChangeUsingNewFields, + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + // initialize state + require.NoError(t, sync(tc.stateFile)) + + // test + testKongState(t, client, false, tc.expectedState, nil) + }) + } +} + +func Test_Sync_PluginDeprecatedFields38x(t *testing.T) { + runWhen(t, "kong", ">=3.8.0") + + // Setup RateLimitingAdvanced ============================== + rateLimitingAdvancedConfigurationInitial := DefaultConfigFactory.RateLimitingAdvancedConfiguration() + rateLimitingAdvancedConfigurationInitial["sync_rate"] = float64(10) + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["cluster_addresses"] = + []any{string("127.0.1.0:6379"), string("127.0.1.0:6380"), string("127.0.1.0:6381")} + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(6379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6381)}, + } + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["timeout"] = float64(2000) + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["connect_timeout"] = float64(2000) + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["read_timeout"] = float64(2000) + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["send_timeout"] = float64(2000) + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["sentinel_addresses"] = + []any{string("127.0.2.0:6379"), string("127.0.2.0:6380"), string("127.0.2.0:6381")} + rateLimitingAdvancedConfigurationInitial["redis"].(map[string]interface{})["sentinel_nodes"] = []any{ + map[string]any{"host": string("127.0.2.0"), "port": float64(6379)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(6380)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(6381)}, + } + + // Setup OpenIdConnect ============================== + openidConnectConfigurationInitial := DefaultConfigFactory.OpenIDConnectConfiguration() + openidConnectConfigurationInitial["redis"].(map[string]interface{})["cluster_max_redirections"] = nil + openidConnectConfigurationInitial["session_redis_cluster_max_redirections"] = nil + openidConnectConfigurationInitial["redis"].(map[string]interface{})["cluster_addresses"] = nil + openidConnectConfigurationInitial["redis"].(map[string]interface{})["cluster_nodes"] = nil + openidConnectConfigurationInitial["session_redis_cluster_nodes"] = nil + + // Initial State + expectedInitialState := utils.KongRawState{ + Services: []*kong.Service{ + DefaultConfigFactory.Service("9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d", "mockbin.org", "svc1"), + }, + Plugins: []*kong.Plugin{ + DefaultConfigFactory.Plugin( + "a1368a28-cb5c-4eee-86d8-03a6bdf94b5e", "rate-limiting-advanced", rateLimitingAdvancedConfigurationInitial, + ), + DefaultConfigFactory.Plugin( + "777496e1-8b35-4512-ad30-51f9fe5d3147", "openid-connect", openidConnectConfigurationInitial, + ), + }, + } + + rateLimitingConfigurationUpdatedOldFields := rateLimitingAdvancedConfigurationInitial.DeepCopy() + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["cluster_addresses"] = + []any{string("127.0.1.0:7379"), string("127.0.1.0:7380"), string("127.0.1.0:7381")} + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(7379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7381)}, + } + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["timeout"] = float64(2007) + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["connect_timeout"] = float64(2007) + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["read_timeout"] = float64(2007) + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["send_timeout"] = float64(2007) + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["sentinel_addresses"] = + []any{string("127.0.2.0:8379"), string("127.0.2.0:8380"), string("127.0.2.0:8381")} + rateLimitingConfigurationUpdatedOldFields["redis"].(map[string]interface{})["sentinel_nodes"] = []any{ + map[string]any{"host": string("127.0.2.0"), "port": float64(8379)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(8380)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(8381)}, + } + rateLimitingConfigurationUpdatedOldFields["sync_rate"] = float64(11) + + openidConnectConfigurationUpdatedOldFields := openidConnectConfigurationInitial.DeepCopy() + openidConnectConfigurationUpdatedOldFields["redis"].(map[string]interface{})["cluster_max_redirections"] = float64(7) + openidConnectConfigurationUpdatedOldFields["redis"].(map[string]interface{})["cluster_addresses"] = + []any{string("127.0.1.0:6379"), string("127.0.1.0:6380"), string("127.0.1.0:6381")} + openidConnectConfigurationUpdatedOldFields["redis"].(map[string]interface{})["cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(6379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6381)}, + } + openidConnectConfigurationUpdatedOldFields["session_redis_cluster_max_redirections"] = float64(7) + openidConnectConfigurationUpdatedOldFields["session_redis_cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(6379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(6381)}, + } + + expectedStateAfterChangeUsingOldFields := utils.KongRawState{ + Services: []*kong.Service{ + DefaultConfigFactory.Service("9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d", "mockbin.org", "svc1"), + }, + Plugins: []*kong.Plugin{ + DefaultConfigFactory.Plugin( + "a1368a28-cb5c-4eee-86d8-03a6bdf94b5e", "rate-limiting-advanced", rateLimitingConfigurationUpdatedOldFields, + ), + DefaultConfigFactory.Plugin( + "777496e1-8b35-4512-ad30-51f9fe5d3147", "openid-connect", openidConnectConfigurationUpdatedOldFields, + ), + }, + } + + rateLimitingConfigurationUpdatedNewFields := rateLimitingAdvancedConfigurationInitial.DeepCopy() + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["cluster_addresses"] = + []any{string("127.0.1.0:7379"), string("127.0.1.0:7380"), string("127.0.1.0:7381")} + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(7379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7381)}, + } + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["timeout"] = float64(2005) + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["connect_timeout"] = float64(2005) + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["read_timeout"] = float64(2006) + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["send_timeout"] = float64(2007) + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["sentinel_addresses"] = + []any{string("127.0.2.0:8379"), string("127.0.2.0:8380"), string("127.0.2.0:8381")} + rateLimitingConfigurationUpdatedNewFields["redis"].(map[string]interface{})["sentinel_nodes"] = []any{ + map[string]any{"host": string("127.0.2.0"), "port": float64(8379)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(8380)}, + map[string]any{"host": string("127.0.2.0"), "port": float64(8381)}, + } + rateLimitingConfigurationUpdatedNewFields["sync_rate"] = float64(11) + + openidConnectConfigurationUpdatedNewFields := openidConnectConfigurationInitial.DeepCopy() + openidConnectConfigurationUpdatedNewFields["redis"].(map[string]interface{})["cluster_max_redirections"] = float64(11) + openidConnectConfigurationUpdatedNewFields["session_redis_cluster_max_redirections"] = float64(11) + openidConnectConfigurationUpdatedNewFields["redis"].(map[string]interface{})["cluster_addresses"] = + []any{string("127.0.1.0:7379"), string("127.0.1.0:7380"), string("127.0.1.0:7381")} + openidConnectConfigurationUpdatedNewFields["redis"].(map[string]interface{})["cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(7379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7381)}, + } + openidConnectConfigurationUpdatedNewFields["session_redis_cluster_nodes"] = []any{ + map[string]any{"ip": string("127.0.1.0"), "port": float64(7379)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7380)}, + map[string]any{"ip": string("127.0.1.0"), "port": float64(7381)}, + } + + expectedStateAfterChangeUsingNewFields := utils.KongRawState{ + Services: []*kong.Service{ + DefaultConfigFactory.Service("9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d", "mockbin.org", "svc1"), + }, + Plugins: []*kong.Plugin{ + DefaultConfigFactory.Plugin( + "a1368a28-cb5c-4eee-86d8-03a6bdf94b5e", "rate-limiting-advanced", rateLimitingConfigurationUpdatedNewFields, + ), + DefaultConfigFactory.Plugin( + "777496e1-8b35-4512-ad30-51f9fe5d3147", "openid-connect", openidConnectConfigurationUpdatedNewFields, + ), + }, + } + + client, err := getTestClient() + require.NoError(t, err) + ctx := context.Background() + + tests := []struct { + name string + initialStateFile string + stateFile string + expectedState utils.KongRawState + }{ + { + name: "initial sync", + initialStateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + stateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but not update - using only old (deprecated) fields", + initialStateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + stateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-old-fields.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but not update - using only new (not deprecated) fields", + initialStateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + stateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-new-fields.yaml", + expectedState: expectedInitialState, + }, + { + name: "syncing but with update - using only old (deprecated) fields", + initialStateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + stateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-old-fields.yaml", + expectedState: expectedStateAfterChangeUsingOldFields, + }, + { + name: "syncing but with update - using only new (not deprecated) fields", + initialStateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml", + stateFile: "testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-new-fields.yaml", + expectedState: expectedStateAfterChangeUsingNewFields, + }, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + // initialize state + mustResetKongState(ctx, t, client, deckDump.Config{}) + require.NoError(t, sync(tc.initialStateFile)) + + // make tested changes + require.NoError(t, sync(tc.stateFile)) + + // test + testKongState(t, client, false, tc.expectedState, nil) + }) + } +} diff --git a/tests/integration/test_utils.go b/tests/integration/test_utils.go index b128789..50998ad 100644 --- a/tests/integration/test_utils.go +++ b/tests/integration/test_utils.go @@ -492,3 +492,423 @@ func (p *RecordRequestProxy) dumpRequests() []*http.Request { } var _ http.Handler = &RecordRequestProxy{} + +type configFactory struct { + Service func(id string, host string, name string) *kong.Service + Plugin func(id string, name string, config kong.Configuration) *kong.Plugin + RateLimitingConfiguration func() kong.Configuration + RateLimitingAdvancedConfiguration func() kong.Configuration + OpenIDConnectConfiguration func() kong.Configuration +} + +var DefaultConfigFactory = configFactory{ + Service: func(id string, host string, name string) *kong.Service { + return &kong.Service{ + ID: kong.String(id), + Host: kong.String(host), + Name: kong.String(name), + ConnectTimeout: kong.Int(60000), + Port: kong.Int(80), + Path: nil, + Protocol: kong.String("http"), + ReadTimeout: kong.Int(60000), + Retries: kong.Int(5), + WriteTimeout: kong.Int(60000), + Tags: []*string{kong.String("test")}, + Enabled: kong.Bool(true), + } + }, + Plugin: func(id, name string, config kong.Configuration) *kong.Plugin { + return &kong.Plugin{ + ID: kong.String(id), + Name: kong.String(name), + Enabled: kong.Bool(true), + Protocols: []*string{kong.String("grpc"), kong.String("grpcs"), kong.String("http"), kong.String("https")}, + Config: config, + } + }, + RateLimitingConfiguration: func() kong.Configuration { + return kong.Configuration{ + "day": nil, + "error_code": float64(429), + "error_message": "API rate limit exceeded", + "fault_tolerant": true, + "header_name": nil, + "hide_client_headers": false, + "hour": float64(10000), + "limit_by": string("consumer"), + "minute": nil, + "month": nil, + "path": nil, + "policy": string("redis"), + "redis": map[string]any{ + "database": float64(0), + "host": string("localhost"), + "password": nil, + "port": float64(6379), + "server_name": nil, + "ssl": bool(false), + "ssl_verify": bool(false), + "timeout": float64(2000), + "username": nil, + }, + "redis_database": float64(0), + "redis_host": "localhost", + "redis_password": nil, + "redis_port": float64(6379), + "redis_server_name": nil, + "redis_ssl_verify": bool(false), + "redis_ssl": bool(false), + "redis_timeout": float64(2000), + "redis_username": nil, + "second": nil, + "sync_rate": float64(-1), + "year": nil, + } + }, + RateLimitingAdvancedConfiguration: func() kong.Configuration { + return kong.Configuration{ + "consumer_groups": nil, + "dictionary_name": string("kong_rate_limiting_counters"), + "disable_penalty": bool(false), + "enforce_consumer_groups": bool(false), + "error_code": float64(429), + "error_message": "API rate limit exceeded", + "header_name": nil, + "hide_client_headers": false, + "identifier": string("consumer"), + "limit": []any{float64(10)}, + "namespace": string("ZEz47TWgUrv01HenyQBQa8io06MWsp0L"), + "path": nil, + "redis": map[string]any{ + "cluster_addresses": nil, + "cluster_max_redirections": float64(5), + "cluster_nodes": nil, + "connect_timeout": float64(2000), + "connection_is_proxied": bool(false), + "database": float64(0), + "host": string("127.0.0.5"), + "keepalive_backlog": nil, + "keepalive_pool_size": float64(256), + "password": nil, + "port": float64(6380), + "read_timeout": float64(2000), + "send_timeout": float64(2000), + "sentinel_addresses": nil, + "sentinel_master": string("mymaster"), + "sentinel_nodes": nil, + "sentinel_password": nil, + "sentinel_role": string("master"), + "sentinel_username": nil, + "server_name": nil, + "ssl": bool(false), + "ssl_verify": bool(false), + "timeout": float64(2000), + "username": nil, + }, + "retry_after_jitter_max": float64(0), + "strategy": string("redis"), + "sync_rate": float64(10), + "window_size": []any{float64(60)}, + "window_type": string("sliding"), + } + }, + OpenIDConnectConfiguration: func() kong.Configuration { + return kong.Configuration{ + "anonymous": nil, + "audience_claim": []any{string("aud")}, + "audience_required": nil, + "audience": nil, + "authenticated_groups_claim": nil, + "authorization_cookie_http_only": true, + "authorization_cookie_name": string("authorization"), + "authorization_cookie_path": string("/"), + "authorization_cookie_domain": nil, + "authorization_cookie_same_site": string("Default"), + "authorization_cookie_secure": nil, + "authorization_endpoint": nil, + "auth_methods": []any{ + string("password"), string("client_credentials"), string("authorization_code"), + string("bearer"), + string("introspection"), + string("userinfo"), + string("kong_oauth2"), + string("refresh_token"), + string("session"), + }, + "authorization_query_args_client": nil, + "authorization_query_args_names": nil, + "authorization_query_args_values": nil, + "authorization_rolling_timeout": float64(600), + "cache_introspection": true, + "cache_tokens": bool(true), + "cache_tokens_salt": nil, + "cache_ttl": float64(3600), + "cache_token_exchange": true, + "cache_ttl_max": nil, + "cache_ttl_min": nil, + "cache_ttl_neg": nil, + "cache_ttl_resurrect": nil, + "cache_user_info": true, + "claims_forbidden": nil, + "client_alg": nil, + "client_arg": string("client_id"), + "client_auth": nil, + "client_credentials_param_type": []any{string("header"), string("query"), string("body")}, + "client_id": nil, + "client_jwk": nil, + "client_secret": nil, + "cluster_cache_strategy": string("off"), + "cluster_cache_redis": map[string]any{ + "username": nil, + "sentinel_master": nil, + "sentinel_role": nil, + "connect_timeout": float64(2000), + "sentinel_nodes": nil, + "read_timeout": float64(2000), + "sentinel_password": nil, + "host": string("127.0.0.1"), + "ssl": false, + "cluster_addresses": nil, + "database": float64(0), + "cluster_max_redirections": float64(5), + "sentinel_addresses": nil, + "timeout": float64(2000), + "connection_is_proxied": false, + "cluster_nodes": nil, + "sentinel_username": nil, + "keepalive_pool_size": float64(256), + "keepalive_backlog": nil, + "port": float64(6379), + "server_name": nil, + "password": nil, + "send_timeout": float64(2000), + "ssl_verify": false, + }, + "consumer_by": []any{string("username"), string("custom_id")}, + "consumer_claim": nil, + "consumer_optional": false, + "credential_claim": []any{string("sub")}, + "disable_session": nil, + "discovery_headers_names": nil, + "discovery_headers_values": nil, + "display_errors": false, + "domains": nil, + "downstream_access_token_header": nil, + "downstream_access_token_jwk_header": nil, + "downstream_headers_claims": nil, + "downstream_headers_names": nil, + "downstream_id_token_header": nil, + "downstream_id_token_jwk_header": nil, + "downstream_introspection_header": nil, + "downstream_introspection_jwt_header": nil, + "downstream_refresh_token_header": nil, + "downstream_session_id_header": nil, + "downstream_user_info_header": nil, + "downstream_user_info_jwt_header": nil, + "dpop_proof_lifetime": float64(300), + "dpop_use_nonce": bool(false), + "enable_hs_signatures": false, + "end_session_endpoint": nil, + "expose_error_code": true, + "extra_jwks_uris": nil, + "forbidden_destroy_session": true, + "forbidden_error_message": string("Forbidden"), + "forbidden_redirect_uri": nil, + "groups_claim": []any{string("groups")}, + "groups_required": nil, + "hide_credentials": bool(false), + "http_proxy": nil, + "http_proxy_authorization": nil, + "http_version": float64(1.1), + "https_proxy": nil, + "https_proxy_authorization": nil, + "id_token_param_name": nil, + "id_token_param_type": []any{string("header"), string("query"), string("body")}, + "ignore_signature": []any{}, + "introspect_jwt_tokens": false, + "introspection_accept": string("application/json"), + "introspection_check_active": true, + "introspection_endpoint_auth_method": nil, + "introspection_endpoint": nil, + "introspection_headers_client": nil, + "introspection_headers_names": nil, + "introspection_headers_values": nil, + "introspection_hint": string("access_token"), + "introspection_post_args_client": nil, + "introspection_post_args_names": nil, + "introspection_post_args_values": nil, + "introspection_token_param_name": string("token"), + "issuer": string("https://accounts.google.test/.well-known/openid-configuration"), //nolint:lll + "issuers_allowed": nil, + "keepalive": true, + "jwt_session_claim": string("sid"), + "jwt_session_cookie": nil, + "leeway": float64(0), + "login_action": string("upstream"), + "login_methods": []any{string("authorization_code")}, + "login_redirect_uri": nil, + "login_redirect_mode": string("fragment"), + "login_tokens": []any{string("id_token")}, + "logout_methods": []any{string("POST"), string("DELETE")}, + "logout_post_arg": nil, + "logout_query_arg": nil, + "logout_redirect_uri": nil, + "logout_revoke_refresh_token": true, + "logout_revoke": false, + "logout_revoke_access_token": true, + "logout_uri_suffix": nil, + "max_age": nil, + "mtls_introspection_endpoint": nil, + "mtls_revocation_endpoint": nil, + "mtls_token_endpoint": nil, + "no_proxy": nil, + "password_param_type": []any{string("header"), string("query"), string("body")}, + "preserve_query_args": bool(false), + "proof_of_possession_auth_methods_validation": true, + "proof_of_possession_dpop": string("off"), + "proof_of_possession_mtls": string("off"), + "pushed_authorization_request_endpoint_auth_method": nil, + "pushed_authorization_request_endpoint": nil, + "redirect_uri": nil, + "redis": map[string]any{ + "cluster_addresses": nil, + "cluster_max_redirections": 5, + "cluster_nodes": nil, + "connect_timeout": float64(2000), + "connection_is_proxied": bool(false), + "database": float64(0), + "host": string("127.0.0.1"), + "keepalive_backlog": nil, + "keepalive_pool_size": float64(256), + "password": nil, + "port": float64(6379), + "prefix": nil, + "read_timeout": float64(2000), + "send_timeout": float64(2000), + "sentinel_addresses": nil, + "sentinel_master": nil, + "sentinel_nodes": nil, + "sentinel_password": nil, + "sentinel_role": nil, + "sentinel_username": nil, + "server_name": nil, + "socket": nil, + "ssl": bool(false), + "ssl_verify": bool(false), + "timeout": float64(2000), + "username": nil, + }, + "rediscovery_lifetime": float64(30), + "refresh_token_param_name": nil, + "refresh_token_param_type": []any{string("header"), string("query"), string("body")}, + "refresh_tokens": true, + "require_proof_key_for_code_exchange": nil, + "require_pushed_authorization_requests": nil, + "require_signed_request_object": nil, + "resolve_distributed_claims": false, + "response_mode": string("query"), + "response_type": []any{string("code")}, + "reverify": bool(false), + "revocation_endpoint_auth_method": nil, + "revocation_endpoint": nil, + "revocation_token_param_name": string("token"), + "roles_claim": []any{string("roles")}, + "roles_required": nil, + "run_on_preflight": bool(true), + "scopes": []any{string("openid")}, + "scopes_claim": []any{string("scope")}, + "scopes_required": nil, + "search_user_info": bool(false), + "session_absolute_timeout": float64(86400), + "session_audience": string("default"), + "session_cookie_domain": nil, + "session_cookie_http_only": true, + "session_cookie_name": string("session"), + "session_cookie_path": string("/"), + "session_cookie_same_site": string("Lax"), + "session_cookie_secure": nil, + "session_enforce_same_subject": bool(false), + "session_hash_storage_key": bool(false), + "session_hash_subject": bool(false), + "session_idling_timeout": float64(900), + "session_memcached_host": string("127.0.0.1"), + "session_memcached_port": float64(11211), + "session_memcached_prefix": nil, + "session_memcached_socket": nil, + "session_redis_cluster_max_redirections": 5, + "session_redis_cluster_nodes": nil, + "session_redis_connect_timeout": float64(2000), + "session_redis_host": string("127.0.0.1"), + "session_redis_port": float64(6379), + "session_redis_prefix": nil, + "session_redis_read_timeout": float64(2000), + "session_redis_send_timeout": float64(2000), + "session_redis_server_name": nil, + "session_redis_socket": nil, + "session_redis_ssl_verify": false, + "session_redis_ssl": false, + "session_redis_username": nil, + "session_redis_password": nil, + "session_remember_absolute_timeout": float64(2592000), + "session_remember_cookie_name": string("remember"), + "session_remember_rolling_timeout": float64(604800), + "bearer_token_cookie_name": nil, + "bearer_token_param_type": []any{string("header"), string("query"), string("body")}, + "by_username_ignore_case": bool(false), + "session_remember": false, + "session_request_headers": nil, + "session_response_headers": nil, + "session_rolling_timeout": float64(3600), + "session_secret": nil, + "session_storage": string("cookie"), + "session_store_metadata": bool(false), + "ssl_verify": false, + "timeout": float64(10000), + "tls_client_auth_cert_id": nil, + "tls_client_auth_ssl_verify": true, + "token_cache_key_include_scope": bool(false), + "token_endpoint": nil, + "token_endpoint_auth_method": nil, + "token_exchange_endpoint": nil, + "token_headers_client": nil, + "token_headers_grants": nil, + "token_headers_names": nil, + "token_headers_prefix": nil, + "token_headers_replay": nil, + "token_headers_values": nil, + "token_post_args_client": nil, + "token_post_args_names": nil, + "token_post_args_values": nil, + "unauthorized_destroy_session": true, + "unauthorized_error_message": string("Unauthorized"), + "unauthorized_redirect_uri": nil, + "unexpected_redirect_uri": nil, + "upstream_access_token_header": string("authorization:bearer"), + "upstream_access_token_jwk_header": nil, + "upstream_headers_claims": nil, + "upstream_headers_names": nil, + "upstream_id_token_header": nil, + "upstream_id_token_jwk_header": nil, + "upstream_introspection_header": nil, + "upstream_introspection_jwt_header": nil, + "upstream_refresh_token_header": nil, + "upstream_session_id_header": nil, + "upstream_user_info_header": nil, + "upstream_user_info_jwt_header": nil, + "userinfo_accept": string("application/json"), + "userinfo_endpoint": nil, + "userinfo_headers_client": nil, + "userinfo_headers_names": nil, + "userinfo_headers_values": nil, + "userinfo_query_args_client": nil, + "userinfo_query_args_names": nil, + "userinfo_query_args_values": nil, + "using_pseudo_issuer": bool(false), + "verify_claims": bool(true), + "verify_nonce": true, + "verify_parameters": false, + "verify_signature": true, + } + }, +} diff --git a/tests/integration/testdata/diff/004-plugin-update/initial-ee.yaml b/tests/integration/testdata/diff/004-plugin-update/initial-ee.yaml new file mode 100644 index 0000000..09f07a6 --- /dev/null +++ b/tests/integration/testdata/diff/004-plugin-update/initial-ee.yaml @@ -0,0 +1,71 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:6379 + - 127.0.1.0:6380 + - 127.0.1.0:6381 + cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381 + timeout: 2000 + connect_timeout: 2000 + read_timeout: 2000 + send_timeout: 2000 + sentinel_addresses: + - 127.0.2.0:6379 + - 127.0.2.0:6380 + - 127.0.2.0:6381 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 6379 + - host: 127.0.2.0 + port: 6380 + - host: 127.0.2.0 + port: 6381 + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: null + session_redis_cluster_nodes: null + redis: + cluster_nodes: null + cluster_max_redirections: null diff --git a/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-new-fields.yaml b/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-new-fields.yaml new file mode 100644 index 0000000..91c883b --- /dev/null +++ b/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-new-fields.yaml @@ -0,0 +1,66 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_nodes: + - ip: 127.0.1.0 + port: 7379 + - ip: 127.0.1.0 + port: 7380 + - ip: 127.0.1.0 + port: 7381 + connect_timeout: 2005 + read_timeout: 2006 + send_timeout: 2007 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 8379 + - host: 127.0.2.0 + port: 8380 + - host: 127.0.2.0 + port: 8381 + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + redis: + cluster_max_redirections: 11 + cluster_nodes: + - ip: 127.0.1.0 + port: 7379 + - ip: 127.0.1.0 + port: 7380 + - ip: 127.0.1.0 + port: 7381 diff --git a/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-old-fields.yaml b/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-old-fields.yaml new file mode 100644 index 0000000..ae0ea2f --- /dev/null +++ b/tests/integration/testdata/diff/004-plugin-update/kong-ee-changed-old-fields.yaml @@ -0,0 +1,57 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:7379 + - 127.0.1.0:7380 + - 127.0.1.0:7381 + timeout: 2007 + sentinel_addresses: + - 127.0.2.0:8379 + - 127.0.2.0:8380 + - 127.0.2.0:8381 + sentinel_master: mymaster + sentinel_role: master + strategy: redis + sync_rate: 11 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: 7 + session_redis_cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381 diff --git a/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-new-fields.yaml b/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-new-fields.yaml new file mode 100644 index 0000000..0947058 --- /dev/null +++ b/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-new-fields.yaml @@ -0,0 +1,60 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381 + connect_timeout: 2000 + read_timeout: 2000 + send_timeout: 2000 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 6379 + - host: 127.0.2.0 + port: 6380 + - host: 127.0.2.0 + port: 6381 + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + redis: + cluster_max_redirections: null + cluster_nodes: null diff --git a/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-old-fields.yaml b/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-old-fields.yaml new file mode 100644 index 0000000..7d8f110 --- /dev/null +++ b/tests/integration/testdata/diff/004-plugin-update/kong-ee-no-change-old-fields.yaml @@ -0,0 +1,51 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:6379 + - 127.0.1.0:6380 + - 127.0.1.0:6381 + timeout: 2000 + sentinel_addresses: + - 127.0.2.0:6379 + - 127.0.2.0:6380 + - 127.0.2.0:6381 + sentinel_master: mymaster + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: null + session_redis_cluster_nodes: null diff --git a/tests/integration/testdata/diff/005-deprecated-fields/kong-initial.yaml b/tests/integration/testdata/diff/005-deprecated-fields/kong-initial.yaml new file mode 100644 index 0000000..b9bb706 --- /dev/null +++ b/tests/integration/testdata/diff/005-deprecated-fields/kong-initial.yaml @@ -0,0 +1,12 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 0 + redis_host: localhost + redis: + database: 0 + host: localhost diff --git a/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-new-fields.yaml b/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-new-fields.yaml new file mode 100644 index 0000000..72cf4d4 --- /dev/null +++ b/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-new-fields.yaml @@ -0,0 +1,10 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis: + database: 0 + host: localhost diff --git a/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-old-fields.yaml b/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-old-fields.yaml new file mode 100644 index 0000000..c823a47 --- /dev/null +++ b/tests/integration/testdata/diff/005-deprecated-fields/kong-no-change-old-fields.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 0 + redis_host: localhost diff --git a/tests/integration/testdata/diff/005-deprecated-fields/kong-update-new-fields.yaml b/tests/integration/testdata/diff/005-deprecated-fields/kong-update-new-fields.yaml new file mode 100644 index 0000000..18440d9 --- /dev/null +++ b/tests/integration/testdata/diff/005-deprecated-fields/kong-update-new-fields.yaml @@ -0,0 +1,10 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis: + database: 3 + host: localhost-3 diff --git a/tests/integration/testdata/diff/005-deprecated-fields/kong-update-old-fields.yaml b/tests/integration/testdata/diff/005-deprecated-fields/kong-update-old-fields.yaml new file mode 100644 index 0000000..c0b33e7 --- /dev/null +++ b/tests/integration/testdata/diff/005-deprecated-fields/kong-update-old-fields.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 2 + redis_host: localhost-2 diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-initial.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-initial.yaml new file mode 100644 index 0000000..b9bb706 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-initial.yaml @@ -0,0 +1,12 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 0 + redis_host: localhost + redis: + database: 0 + host: localhost diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-new-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-new-fields.yaml new file mode 100644 index 0000000..72cf4d4 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-new-fields.yaml @@ -0,0 +1,10 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis: + database: 0 + host: localhost diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-old-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-old-fields.yaml new file mode 100644 index 0000000..c823a47 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-no-change-old-fields.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 0 + redis_host: localhost diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-new-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-new-fields.yaml new file mode 100644 index 0000000..18440d9 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-new-fields.yaml @@ -0,0 +1,10 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis: + database: 3 + host: localhost-3 diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-old-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-old-fields.yaml new file mode 100644 index 0000000..c0b33e7 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ce/kong-update-old-fields.yaml @@ -0,0 +1,9 @@ +_format_version: "3.0" +plugins: +- id: 2705d985-de4b-4ca8-87fd-2b361e30a3e7 + name: rate-limiting + config: + hour: 10000 + policy: redis + redis_database: 2 + redis_host: localhost-2 diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml new file mode 100644 index 0000000..188f45b --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-initial.yaml @@ -0,0 +1,68 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:6379 + - 127.0.1.0:6380 + - 127.0.1.0:6381 + cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381 + timeout: 2000 + connect_timeout: 2000 + read_timeout: 2000 + send_timeout: 2000 + sentinel_addresses: + - 127.0.2.0:6379 + - 127.0.2.0:6380 + - 127.0.2.0:6381 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 6379 + - host: 127.0.2.0 + port: 6380 + - host: 127.0.2.0 + port: 6381 + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: null + session_redis_cluster_nodes: null diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-new-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-new-fields.yaml new file mode 100644 index 0000000..0947058 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-new-fields.yaml @@ -0,0 +1,60 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381 + connect_timeout: 2000 + read_timeout: 2000 + send_timeout: 2000 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 6379 + - host: 127.0.2.0 + port: 6380 + - host: 127.0.2.0 + port: 6381 + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + redis: + cluster_max_redirections: null + cluster_nodes: null diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-old-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-old-fields.yaml new file mode 100644 index 0000000..7d8f110 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-no-change-old-fields.yaml @@ -0,0 +1,51 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:6379 + - 127.0.1.0:6380 + - 127.0.1.0:6381 + timeout: 2000 + sentinel_addresses: + - 127.0.2.0:6379 + - 127.0.2.0:6380 + - 127.0.2.0:6381 + sentinel_master: mymaster + sentinel_role: master + strategy: redis + sync_rate: 10 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: null + session_redis_cluster_nodes: null diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-new-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-new-fields.yaml new file mode 100644 index 0000000..e689b63 --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-new-fields.yaml @@ -0,0 +1,66 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_nodes: + - ip: 127.0.1.0 + port: 7379 + - ip: 127.0.1.0 + port: 7380 + - ip: 127.0.1.0 + port: 7381 + connect_timeout: 2005 + read_timeout: 2006 + send_timeout: 2007 + sentinel_master: mymaster + sentinel_nodes: + - host: 127.0.2.0 + port: 8379 + - host: 127.0.2.0 + port: 8380 + - host: 127.0.2.0 + port: 8381 + sentinel_role: master + strategy: redis + sync_rate: 11 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + redis: + cluster_max_redirections: 11 + cluster_nodes: + - ip: 127.0.1.0 + port: 7379 + - ip: 127.0.1.0 + port: 7380 + - ip: 127.0.1.0 + port: 7381 diff --git a/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-old-fields.yaml b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-old-fields.yaml new file mode 100644 index 0000000..ae0ea2f --- /dev/null +++ b/tests/integration/testdata/sync/035-deprecated-fields/kong-ee/kong-ee-update-old-fields.yaml @@ -0,0 +1,57 @@ +_format_version: "3.0" +services: + - name: svc1 + id: 9ecf5708-f2f4-444e-a4c7-fcd3a57f9a6d + host: mockbin.org + tags: + - test +plugins: +- id: a1368a28-cb5c-4eee-86d8-03a6bdf94b5e + enabled: true + name: rate-limiting-advanced + config: + consumer_groups: null + dictionary_name: kong_rate_limiting_counters + disable_penalty: false + enforce_consumer_groups: false + error_code: 429 + error_message: API rate limit exceeded + header_name: null + hide_client_headers: false + identifier: consumer + limit: + - 10 + namespace: ZEz47TWgUrv01HenyQBQa8io06MWsp0L + path: null + redis: + host: 127.0.0.5 + port: 6380 + cluster_addresses: + - 127.0.1.0:7379 + - 127.0.1.0:7380 + - 127.0.1.0:7381 + timeout: 2007 + sentinel_addresses: + - 127.0.2.0:8379 + - 127.0.2.0:8380 + - 127.0.2.0:8381 + sentinel_master: mymaster + sentinel_role: master + strategy: redis + sync_rate: 11 + window_size: + - 60 + window_type: sliding +- id: 777496e1-8b35-4512-ad30-51f9fe5d3147 + name: openid-connect + enabled: true + config: + issuer: https://accounts.google.test/.well-known/openid-configuration + session_redis_cluster_max_redirections: 7 + session_redis_cluster_nodes: + - ip: 127.0.1.0 + port: 6379 + - ip: 127.0.1.0 + port: 6380 + - ip: 127.0.1.0 + port: 6381